[WIP] Add security option in yum module

This fix adds an option to specify security updates in the yum module.

Fixes #11498

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Abhijeet Kasurde 2017-05-19 13:36:43 +05:30 committed by Toshio Kuratomi
parent 0aa7c06395
commit d3fe598202


@ -126,6 +126,13 @@ options:
default: "/" default: "/"
aliases: [] aliases: []
security:
description:
- If set to C(yes), then installs all security updates.
default: "no"
choices: ["yes", "no"]
version_added: "2.4"
notes: notes:
- When used with a loop of package names in a playbook, ansible optimizes - When used with a loop of package names in a playbook, ansible optimizes
the call to the yum module. Instead of calling the module with a single the call to the yum module. Instead of calling the module with a single
@ -155,6 +162,7 @@ author:
- "Seth Vidal" - "Seth Vidal"
- "Eduard Snesarev (github.com/verm666)" - "Eduard Snesarev (github.com/verm666)"
- "Berend De Schouwer (github.com/berenddeschouwer)" - "Berend De Schouwer (github.com/berenddeschouwer)"
- "Abhijeet Kasurde (github.com/akasurde)"
''' '''
EXAMPLES = ''' EXAMPLES = '''
@ -1060,7 +1068,7 @@ def latest(module, items, repoq, yum_basecmd, conf_file, en_repos, dis_repos, in
return res return res
def ensure(module, state, pkgs, conf_file, enablerepo, disablerepo, def ensure(module, state, pkgs, conf_file, enablerepo, disablerepo,
disable_gpg_check, exclude, repoq, skip_broken, installroot='/'): disable_gpg_check, exclude, repoq, skip_broken, security, installroot='/'):
# fedora will redirect yum to dnf, which has incompatibilities # fedora will redirect yum to dnf, which has incompatibilities
# with how this module expects yum to operate. If yum-deprecated # with how this module expects yum to operate. If yum-deprecated
@ -1162,6 +1170,8 @@ def ensure(module, state, pkgs, conf_file, enablerepo, disablerepo,
elif state == 'latest': elif state == 'latest':
if disable_gpg_check: if disable_gpg_check:
yum_basecmd.append('--nogpgcheck') yum_basecmd.append('--nogpgcheck')
if security:
yum_basecmd.append('--security')
res = latest(module, pkgs, repoq, yum_basecmd, conf_file, en_repos, dis_repos, installroot=installroot) res = latest(module, pkgs, repoq, yum_basecmd, conf_file, en_repos, dis_repos, installroot=installroot)
else: else:
# should be caught by AnsibleModule argument_spec # should be caught by AnsibleModule argument_spec
@ -1202,6 +1212,7 @@ def main():
installroot=dict(required=False, default="/", type='str'), installroot=dict(required=False, default="/", type='str'),
# this should not be needed, but exists as a failsafe # this should not be needed, but exists as a failsafe
install_repoquery=dict(required=False, default="yes", type='bool'), install_repoquery=dict(required=False, default="yes", type='bool'),
security=dict(default="no", type='bool'),
), ),
required_one_of=[['name', 'list']], required_one_of=[['name', 'list']],
mutually_exclusive=[['name', 'list']], mutually_exclusive=[['name', 'list']],
@ -1256,9 +1267,10 @@ def main():
disablerepo = params.get('disablerepo', '') disablerepo = params.get('disablerepo', '')
disable_gpg_check = params['disable_gpg_check'] disable_gpg_check = params['disable_gpg_check']
skip_broken = params['skip_broken'] skip_broken = params['skip_broken']
security = params['security']
results = ensure(module, state, pkg, params['conf_file'], enablerepo, results = ensure(module, state, pkg, params['conf_file'], enablerepo,
disablerepo, disable_gpg_check, exclude, repoquery, disablerepo, disable_gpg_check, exclude, repoquery,
skip_broken, params['installroot']) skip_broken, security, params['installroot'])
if repoquery: if repoquery:
results['msg'] = '%s %s' % (results.get('msg', ''), results['msg'] = '%s %s' % (results.get('msg', ''),
'Warning: Due to potential bad behaviour with rhnplugin and certificates, used slower repoquery calls instead of Yum API.') 'Warning: Due to potential bad behaviour with rhnplugin and certificates, used slower repoquery calls instead of Yum API.')
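Review bot: `--security` is appended only in the `state == 'latest'` branch of `ensure()`, so a task that sets `security: yes` with any other state runs without the flag and still reports success, which can leave an operator believing security errata were applied. Either reject the combination in `main()` before calling `ensure()`, e.g. `if security and state != 'latest': module.fail_json(msg="security=yes requires state=latest")`, or state the restriction in the option's documentation. The description "installs all security updates" also appears to overstate the behaviour when `name` lists specific packages; `- If set to C(yes) and C(state=latest), only installs updates that have been marked security related.` would be closer. Separately, `security` is inserted before `installroot='/'` in the `ensure()` signature, so any caller that passes `installroot` positionally would now bind it to `security`; adding it as `security=False` after `installroot` would keep the signature backward-compatible. The bodies of `ensure()` and `main()` continue outside the visible hunks, so callers and other branches could not be checked here.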